Search results mapped to CWE-89 (4378)

CVE-2018-3811 (Published: 2018-01-01 01:29:00) NMP
CVSS 7.5

[Original] SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

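CVE-2014-4914 (Published: 2017-12-29 09:29:00) NMCPS
CVSS 7.5

[CNNVD] Zend Framework 'Zend_Db_Select::order()' function SQL injection vulnerability -- Zend Framework (ZF) is an open-source PHP5 development framework developed by the US company Zend, used mainly for developing web applications and services. A SQL injection vulnerability exists in Zend Framework versions before 1.12.7. The vulnerability stems from the program not sufficiently filtering user-submitted input before constructing SQL query statements. An attacker could exploit this vulnerability to...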

CVE-2015-3637 (Published: 2017-12-27 21:29:03) NM
CVSS 6.8

[Original] SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.

CVE-2017-0304 (Published: 2017-12-21 12:29:00) NMS
CVSS 5.5

[Original] A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.

CVE-2012-2576 (Published: 2017-12-20 16:29:00) NME
CVSS 10.0

[Original] SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

CVE-2017-1757 (Published: 2017-12-20 13:29:01) NMS
CVSS 6.5

[Original] IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
